BIND 9 resolver crash
ISC are reporting a serious problem in all versions of BIND 9 which perform recursive queries.
From the ISC website:
Organizations across the Internet are reporting crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crash after logging an error in query.c with the following message: “INSIST(! dns_rdataset_isassociated(sigrdataset))” Multiple versions are reported as being affected, including all currently supported release versions of ISC BIND 9. ISC is actively investigating the root cause and working to produce patches which avoid the crash. Further information will be made available soon.
Original link:
https://www.isc.org/software/bind/advisories/cve-2011-tbd
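To check whether a resolver has already hit this crash, the following added example (not from ISC or the original post) scans log lines for the assertion text quoted above and counts hits per host. It assumes traditional syslog line prefixes; the sample log lines, host names, PIDs and the query.c line number are constructed for illustration.

```python
import re
from collections import Counter

# Assertion text quoted in the ISC notice. Whitespace is matched loosely
# because spacing inside the message may differ between builds.
INSIST_RE = re.compile(
    r"INSIST\(\s*!\s*dns_rdataset_isassociated\(\s*sigrdataset\s*\)\s*\)"
)
# Assumed log prefix: "Mon DD HH:MM:SS host named[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\snamed\[(?P<pid>\d+)\]:"
)

# Constructed sample input, not real log data (1234 is a placeholder).
SAMPLE_LOG = """\
Nov 16 10:02:11 ns1 named[2210]: client 192.0.2.10#53211: query: example.org IN A +
Nov 16 10:02:14 ns1 named[2210]: query.c:1234: INSIST(! dns_rdataset_isassociated(sigrdataset)) failed
Nov 16 10:07:40 ns2 named[911]: query.c:1234: INSIST(!dns_rdataset_isassociated(sigrdataset)) failed
Nov 16 10:09:02 ns1 named[2377]: query.c:1234: INSIST(! dns_rdataset_isassociated(sigrdataset)) failed
""".splitlines()


def find_insist_crashes(lines):
    """Return one record per log line that contains the assertion failure."""
    hits = []
    for number, line in enumerate(lines, 1):
        if not INSIST_RE.search(line):
            continue
        prefix = SYSLOG_RE.match(line)  # None if the prefix format differs
        hits.append({
            "line": number,
            "time": prefix.group("ts") if prefix else None,
            "host": prefix.group("host") if prefix else "unknown",
            "pid": int(prefix.group("pid")) if prefix else None,
        })
    return hits


def crashes_per_host(hits):
    """Count assertion failures per resolver to spot repeat crashes."""
    return Counter(hit["host"] for hit in hits)


if __name__ == "__main__":
    found = find_insist_crashes(SAMPLE_LOG)
    for host, count in crashes_per_host(found).items():
        print(f"{host}: {count} assertion failure(s)")
```

A host that appears more than once with different PIDs has been restarted and crashed again, which is worth prioritising when patches become available.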
Critical Alert - Microsoft Windows Remote Code Execution
MS11-083 Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) – Windows Vista, Windows Server 2008, Windows 7 (All versions)
As part of yesterday's Patch Tuesday, Microsoft announced a critical vulnerability bulletin (Microsoft Level 2). The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system.
All customers who do not apply updates automatically should apply this update as soon as possible, as there is a strong likelihood of worms being developed which would exploit this vulnerability.
Further details are available here:
http://technet.microsoft.com/en-us/security/bulletin/ms11-083
Oracle releases critical security updates – October 2011
Oracle have released an advisory covering several security updates for their various products, including a recent Java security update. Some of the vulnerabilities described in this advisory are critical and should be treated with high priority. The advisory consists of 57 updates and further information can be found here: http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
Apache HTTP security advisory
Product: Apache HTTP
Affected module: mod_proxy
Affected versions: httpd 1.3 (all versions), 2.x (all versions)
A security advisory has been released describing a vulnerability in the ‘RewriteRule’ and ‘ProxyPassMatch’ directives in Apache which could lead to internal information disclosure. This functionality in the mod_proxy module is used to configure a reverse proxy using pattern matching. Administrators whose Apache configuration has this vulnerable configuration enabled can refer to the following patch, which rectifies it: http://www.apache.org/dist/httpd/patches/apply_to_2.2.21/
For the original advisory please refer to: http://seclists.org/fulldisclosure/2011/Oct/232
Adobe Prenotification: Security Update for Flash Player
Adobe have released a pre-notification advisory detailing some updates they will be releasing for Flash Player. The advisory indicates that one of the vulnerabilities is being actively exploited. The Adobe advisory can be found here:
http://blogs.adobe.com/psirt/2011/09/prenotification-security-update-for-flash-player.html
ESISS will update this blog as more information becomes available.
Update: Adobe have now released this update (version 10.3.183.10). You can update by visiting http://get.adobe.com/flashplayer
DigiNotar Interim Report Out and Hacker Comes Out
The interim report on the DigiNotar hack has been published (http://www.diginotar.nl/Portals/7/Persberichten/Operation%20Black%20Tulip%20v1.0.pdf). This details the timeline of what happened, what certs were issued (as far as they can tell) and what areas of the CA infrastructure were broken into.
The hacker responsible for the Comodo hack earlier in the year (details here) is now claiming responsibility for this as well via his pastebin account (http://pastebin.com/1AxH30em). He is also claiming that he has access to four other high profile CAs and can still issue rogue certificates. He posted the domain admin password for DigiNotar in order to prove he carried out the hack.
Most browser companies have now removed the DigiNotar root CA certificate from their local trusted store and DigiNotar have also now revoked all the falsely issued certificates.